Common Paper Business Associate Agreement
This page previews the Common Paper Business Associate Agreement cover page and its fields. The binding terms are the external Standard Terms linked below; download the Word file to fill in and execute.
Standard terms
This cover page references the Standard Terms posted externally. View standard terms at https://commonpaper.com/standards/business-associate-agreement/1.0.
Cover page fields
| Field | Description |
|---|---|
| Company Name | Official company name |
| Party Role | Role in the agreement (Business Associate or Covered Entity) |
| Principal Agreement | Reference to the principal agreement |
| Subcontractor Role | Role of subcontractors |
| Free Text | Free text entry |
| Aggregation Restrictions | Specific aggregation restrictions |
| Offshoring Restrictions | Specific offshoring rights or restrictions |
| Breach Notification Unit | Unit for breach notification period |
| Breach Notification Number | Numeric value for the breach notification period (e.g. 5) |
| Other Changes | Prose describing other changes to BAA Standard Terms |
| Custom Effective Date | Custom effective date (if not date of last signature) |
| Maintains Designated Record Set | Whether Provider maintains PHI in a Designated Record Set |
| No Subcontracting | Provider will not subcontract |
| Subcontracting With Conditions | Provider will not subcontract unless conditions are met |
| Subcontract Notice Required | Notice must be provided to Company before subcontracting |
| Subcontract Permission Required | Company explicit permission required for subcontracting |
| No Offshoring | Offshoring of PHI and/or Services is not permitted |
| Offshoring With Conditions | Offshoring not permitted unless conditions met |
| No Deidentification | Provider will not de-identify PHI |
| Deidentification With Conditions | Provider will not de-identify PHI unless conditions met |
| Deidentification Purpose | Specific purpose(s) for which Provider may de-identify PHI (e.g. generating data analytics) |
| Deidentify For Purpose | De-identification for specific purposes only |
| Deidentify Additional Requirements | Additional requirements for de-identifying PHI |
| No Aggregation | Provider will not aggregate PHI |
| Aggregation With Conditions | Provider will not aggregate PHI unless conditions met |
| Provider Signatory Type | Whether the Provider signatory is an entity or individual |
| Provider Signatory Name | Full legal name of the Provider's signatory |
| Provider Signatory Title | Title/role of the Provider's signatory (entity only) |
| Provider Signatory Company | Company name for the Provider signatory (entity only) |
| Provider Signatory Email | Notice email address for the Provider |
| Company Signatory Type | Whether the Company signatory is an entity or individual |
| Company Signatory Name | Full legal name of the Company's signatory |
| Company Signatory Title | Title/role of the Company's signatory (entity only) |
| Company Signatory Company | Company name for the Company signatory (entity only) |
| Company Signatory Email | Notice email address for the Company |
This template is a drafter's starting point. It does not constitute legal advice. Workflow support only. Not legal advice.